如何解决.NET Core 3.1 - 加密:使用动态生成的随机 IV
Sonarlint 警告我加密例程存在严重安全风险
-
我不明白为什么它会触发第一个 aes.CreateEncryptor(aes.Key,aes.IV); 而不是第二个
-
Sonar 给了我一个如何修复它的例子,但是如果 IV 是随机生成的,我如何在解密部分取回它?
-
为什么声纳 示例称为 Encrypt() 而不是 generateRandomIV()?
我发现这些,所以我相信
有人可以帮我吗?
public static string EncryptString(string plainText,string key)
{
byte[] iv = new byte[16];
byte[] array;
using (Aes aes = Aes.Create())
{
aes.Key = Encoding.UTF8.GetBytes(key);
aes.IV = iv;
ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key,aes.IV);
using (MemoryStream memoryStream = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream,encryptor,CryptoStreamMode.Write))
{
using (StreamWriter streamWriter = new StreamWriter((Stream)cryptoStream))
{
streamWriter.Write(plainText);
}
array = memoryStream.ToArray();
}
}
}
return Convert.ToBase64String(array);
}
public static string DecryptString(string cipherText,string key)
{
byte[] iv = new byte[16];
byte[] buffer = Convert.FromBase64String(cipherText);
using (Aes aes = Aes.Create())
{
aes.Key = Encoding.UTF8.GetBytes(key);
aes.IV = iv;
ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key,aes.IV);
using (MemoryStream memoryStream = new MemoryStream(buffer))
{
using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream,decryptor,CryptoStreamMode.Read))
{
using (StreamReader streamReader = new StreamReader((Stream)cryptoStream))
{
return streamReader.ReadToEnd();
}
}
}
}
}
声纳示例:
public byte[] Encrypt(byte[] key,byte[] data,MemoryStream target)
{
using var aes = new AesCryptoServiceProvider();
var encryptor = aes.CreateEncryptor(key,aes.IV); // aes.IV is automatically generated to random secure value
using var cryptoStream = new CryptoStream(target,CryptoStreamMode.Write);
cryptoStream.Write(data);
return aes.IV;
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。